3 As Data Centers Evolve, So Do Security Needs Today s enterprise data centers are undergoing a period of intense evolution. Virtualization and cloud computing are changing the way IT organizations deliver services, creating new opportunities to reduce costs, increase efficiencies, and accelerate business operations. These innovations are transforming the data center, replacing physical infrastructure with flexible pools of virtual assets that can be scaled and re-configured dynamically. In a recent Network World survey, 62 percent of respondents planned to virtualize at least 40 percent of their servers by year end, with one-third targeting 60 percent. Fully half had already implemented a private cloud within their infrastructure or planned to do so within the next three years. But as organizations make the transition from application-specific virtualization to full-scale dynamic clouds, many are discovering that application security can break down when subjected to data centerwide server virtualization and application mobility. Equally problematic is the fact that most conventional security solutions can t meet the performance requirements of the flat, high-capacity network fabrics required for cloud-scale virtualization. Securing a cloud environment demands new best practices and a security model fully adapted to the challenges of four critical transitions taking place within our data centers and in the threat environments that surround them. How important is it that the following are part of your company s data center security strategy? Critical Very important Somewhat important Not very important Providing outstanding threat prevention (intrusion prevention) Ensuring that network speed is not affected by the implementation of network security technologies Providing the same level of security policy control that exists in a conventional environment Providing policy enforcement that is based on the actual application rather than the network port number Replacing IP addresses with identities moving away from reliance on IP addresses as the center of security investigation and policy management activities 6% 26% 25% 21% 38% 27% 40% 53% 48% 30% 39% Source: IDG Research, November % 20% 17% 13% 17% 6% 3% 5% 5% Critical/ Very important 77% 79% 73% 61% 33% Figure 1. Threat prevention is a top concern as organizations move to a virtualized data center. Physical to virtual infrastructure In a conventional data center with applications running on dedicated physical servers and connected by networks of physical cables and switches, the hardware affords an element of isolation, a natural framework for defensible trust boundaries. When that physical infrastructure is virtualized, new strategies are required to create and maintain those boundaries in the absence of physical partitions. Another problem is the inter-machine communication that moves into the virtual environment along with the virtual machines beyond the reach of physical security controls. Virtualized applications to private clouds The transition to a true cloud platform brings an unprecedented level of dynamism into the data center environment. Virtual machines are continuously launched, moved, and decommissioned as workloads change around the clock. Correctly applying security policy and detecting threats in real time requires the ability to accurately track applications, recognize users, correlate events, and analyze behaviors in a constantly changing environment. Without it, blind spots that are unmanaged and insecure develop quickly. Scalable Network Security for the Virtualized Data Center 3

4 Multitiered to flat network architectures Cloud environments experience frequent large-scale data transfers as the virtual infrastructure is reconfigured to accommodate changing workloads. They also generate large volumes of east-west traffic between virtual machines and storage. Multitiered architectures adopted from the enterprise network are proving too slow and inflexible and are giving way to flatter, non-blocking 10 GbE fabrics with the ability to connect tens of thousands of nodes. The rise of advanced persistent threats Attack strategies continue to gain sophistication, the most insidious example being the emergence of advanced persistent threats (APTs) targeted attacks designed for stealthy penetration, long-term surveillance, and large-scale data theft. Many APTs have shown the ability to migrate through an environment, compromising system after system without creating the telltale traffic that typically signals malware propagation. The Stakes Are High The business impacts of a large-scale data breach can be widespread and long-lasting. Services can be interrupted for investigation and remediation. Victims of personal data loss must be notified and compensated. Often there are regulatory fines, class action lawsuits, and public relations costs. The damage to brand and business and customer relationships can be devastating. Consider a few examples from 2011 alone: Sony Corporation has experienced more than a dozen separate breaches, mostly occurring during 2011, affecting Sony PlayStation Network, Sony Online Entertainment, Sony Pictures, and other company sites. 1 More than 77 million customer records were compromised overall, with total cost estimates ranging upwards from $171 million. 2 Epsilon, the world s largest permission-based marketing provider, suffered a massive breach in April. The company sends more than 40 billion s annually for more than 2,500 clients, including seven of the Fortune 10. More than 60 million customer addresses were compromised, for clients that included Kroger, US Bank, JPMorgan Chase, Capital One, and Home Shopping Network, among many others. 3 RSA, the security division of EMC Corporation, endured one of the most humbling breaches of Attackers stole proprietary information relating to the company s SecureID product, one of the world s most widely used two-factor authentication solutions. 4 4 Scalable Network Security for the Virtualized Data Center

5 A New Security Model for the Virtualized Data Center Organizations that are preparing their data centers for full-scale virtualization need a new approach to security that fully supports the unique operational challenges of a cloud environment. Key considerations include: Scalable performance Security controls must match the throughput of today s flat, high-capacity data center networks without introducing latency. Like the networks themselves, the security platforms must scale out incrementally and affordably to accommodate growth over time. The flexibility to adapt to virtual environments Security controls for virtual environments can t be limited to scanning the traffic entering and leaving physical servers. They must have direct access to all the traffic within the virtual network itself between virtual machines, storage, and the hardware layer. The ability to recognize users and applications When physical landmarks are abstracted by virtualization, security controls must be able to identify systems, applications, and users to track them as they move through the virtual environment, and to accurately apply the appropriate policy. An extensible security model capable of stopping advanced attacks In the virtual environment, as in the physical one, signature-based inspection is no longer adequate to detect and stop targeted attacks and advanced persistent threats. Multifactor inspection is essential, coupled with context awareness, behavioral analytics, and external reputation intelligence to identify unknown and zero-day threats. Streamlined integration The same security controls should be used to defend both the physical and virtual environments. All the controls in use should be manageable through a single management console. A Singular Solution for Virtual Security: McAfee Network Security Platform Today, only one network security solution delivers on the essential requirements of network security in the virtual data center. Only McAfee Network Security Platform combines advanced threat detection, scalable in-line performance, and next-generation network intrusion prevention system (IPS) controls that operate seamlessly across physical and virtual environments. Unflinching performance for modern data center network fabrics McAfee Network Security Platform features a highly efficient inspection engine and native 10 GbE connectivity. It s capable of maintaining line rate performance in flat, high-capacity network fabrics, even with aggressive security policies and variable, real-world traffic conditions that reduce throughput in many alternative solutions by up to 50 percent. New scalable solution pushes IPS performance to 80 Gbps The new McAfee Network Security Platform XC Cluster allows McAfee Network Security Platform to scale gracefully up to 80 Gbps of throughput and 40 million concurrent connections, effectively doubling existing ISP benchmarks. Now your IPS solution can scale as your virtual environment grows, eliminating expensive rip and replace upgrades. Load balancing and failover capabilities support optimum efficiency and high availability. Scalable Network Security for the Virtualized Data Center 5

7 Application awareness McAfee Network Security Platform provides layer 7 detection and identification of more than 1,100 applications, including granular visibility into sub-applications, like the growing Zynga portfolio of Facebook games, and IRC chat in Yahoo! Mail. For each application McAfee Network Security Platform provides analytics and graphical reporting for essential metrics, including risk rating, aggregate threats, and bandwidth consumed. Enhanced rule definition simplifies application access control and includes the ability to correlate application activity with network attacks to enable more intelligent response and enforcement decision-making. Integrated security management McAfee Network Security Platform, when integrated with McAfee epolicy Orchestrator (McAfee epo ) software, enables a consolidated view of risk and compliance across the enterprise, including up-to-the-minute assessments of at-risk infrastructure based on system vulnerabilities, network defenses, and endpoint security levels. Multitenancy features for telecommunications and service providers McAfee Network Security Platform includes granular multitenancy options that are purpose-built for service provider environments. Create up to 1,000 virtual IPS policies per appliance, with granular policy control and unique rule sets in each. The solution also includes features for mobile service providers, allowing management of network policies for separate customers or services. a multitenant solution Figure 3. McAfee Network Security Platform allows users to create up to 1,000 virtual IPS policies, each with granular controls and reporting, making it ideal for service provider environments. Scalable Network Security for the Virtualized Data Center 7

8 Step Up to McAfee Network Security Platform The transformation of enterprise data centers by large-scale virtualization and private cloud developments demands an equally innovative approach to network security, one that combines a comprehensive threat detection model with extremely high levels of inspection efficiency, scalable performance, native integration with key virtualization technologies, and single-console management integration. That solution is now available, from McAfee. To learn more about McAfee network solutions for the data center, visit About McAfee McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. 1 Information Week, 6 Worst Data Breaches Of 2011, by Mathew J. Schwartz, December 28, 2011, attacks/ Data published by Info Security, News, May 24, Information Week, 6 Worst Data Breaches Of 2011, op. cit. 4 Information Week, 6 Worst Data Breaches Of 2011, op. cit Mission College Boulevard Santa Clara, CA McAfee, the McAfee logo, epolicy Orchestrator, McAfee epo, and McAfee Global Threat Intelligence are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2012 McAfee, Inc wp_network-dc_0512_fnl_ASD

McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy. The number of Internet-connected smart devices is growing at a rapid pace. According to Gartner, the

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Traditionally, IT risk management has balanced security investment and the impact of the threat, allowing each business

GOOD PRACTICE GUIDE 13 (GPG13) GPG13 - AT A GLANCE Protective Monitoring (PM) is based on Good Practice Guide 13 Comprises of 12 sections called Proactive Monitoring Controls 1-12 Based on four Recording

Solutions Brochure Situation Under Control Security Connected for the Public Sector 2 Security Connected for the Public Sector Increase Availability. Strengthen Resiliency. Government entities face pressure

White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

Data Sheet: Endpoint Security Overview Last year, we saw 317 million new malware variants, while targeted attacks and zero-day threats were at an all-time high 1. The threat environment is evolving quickly

ZSCALER EBOOK Top 10 Reasons Enterprises are Moving Security to the Cloud A better approach to security Albert Einstein defined insanity as doing the same thing over and over again and expecting different

Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,

White Paper For organizations large or small Table of Contents Who Is Reading Your Email? 3 The Three Options Explained 3 Organization-to-organization encryption 3 Secure portal or organization-to-user

McAfee Total Protection Reduce the Complexity of Managing Security Computer security has changed dramatically since the first computer virus emerged 25 years ago. It s now far more complex and time-consuming.

The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

McAfee Endpoint Protection for SMB You grow your business. We keep it secure. Big Protection for Small to Medium-Sized Businesses With the Internet and connected devices now an integral part of your business,

WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.

The Evolution of the Enterprise And Enterprise Security Introduction Today's enterprise is evolving rapidly, with new technologies such as consumer-grade mobile devices, internet-based applications and

Optimizing Security Management with McAfee epolicy Orchestrator The proof is in the research Chief information officers (CIOs) at enterprises worldwide are facing a major struggle today: how to balance

V1.4 August 2 Spambrella Email Continuity SaaS Easy to implement, manage and use, Message Continuity is a scalable, reliable and secure service with no set-up fees. Built on a highly reliable and scalable

PRODUCTS & TECHNOLOGY DATA CENTER CLASS WAN OPTIMIZATION Today s major IT initiatives all have one thing in common: they require a well performing Wide Area Network (WAN). However, many enterprise WANs

A New Paradigm Shift: Comprehensive Security Beyond the Security reports and the popular press consistently report the ever-increasing sophistication of security attacks. Shining a spotlight on the issue

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

Moving Beyond Proxies A Better Approach to Web Security January 2015 Executive Summary Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy security

White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center

datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise

defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent